What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2403-1
Rating:             important
References:         #1101567 #1101570 #1101571 #1101573 #1101576 
                    #1101577 #1101578 #1101581 #1101582 #1101588 
                    #1101589 #936807 
Cross-References:   CVE-2018-14349 CVE-2018-14350 CVE-2018-14352
                    CVE-2018-14353 CVE-2018-14354 CVE-2018-14355
                    CVE-2018-14356 CVE-2018-14357 CVE-2018-14358
                    CVE-2018-14359 CVE-2018-14362
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has one errata
   is now available.

Description:

   This update for mutt fixes the following issues:

   Security issues fixed:

   - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave
     room for quote characters (bsc#1101582).
   - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer
     underflow (bsc#1101581).
   - CVE-2018-14362: Fix pop.c that does not forbid characters that may have
     unsafe interaction with message-cache pathnames (bsc#1101567).
   - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers     via backquote characters (bsc#1101578).
   - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID
     (bsc#1101576).
   - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal
     in a mailbox name (bsc#1101577).
   - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without
     a message (bsc#1101589).
   - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer
     overflow for a FETCH response with along INTERNALDATE field
     (bsc#1101588).
   - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute
     arbitrary commands via backquote characters (bsc#1101573).
   - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).
   - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer
     overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).


   Bug fixes:

   - bsc#936807: On entering a 70 character subject line in mutt, a tab is
     added to the text after 67 characters.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mutt-13736=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-mutt-13736=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-mutt-13736=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mutt-13736=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-mutt-13736=1



Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mutt-1.5.17-42.43.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      mutt-1.5.17-42.43.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      mutt-1.5.17-42.43.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mutt-debuginfo-1.5.17-42.43.1
      mutt-debugsource-1.5.17-42.43.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      mutt-debuginfo-1.5.17-42.43.1
      mutt-debugsource-1.5.17-42.43.1


References:

   https://www.suse.com/security/cve/CVE-2018-14349.html
   https://www.suse.com/security/cve/CVE-2018-14350.html
   https://www.suse.com/security/cve/CVE-2018-14352.html
   https://www.suse.com/security/cve/CVE-2018-14353.html
   https://www.suse.com/security/cve/CVE-2018-14354.html
   https://www.suse.com/security/cve/CVE-2018-14355.html
   https://www.suse.com/security/cve/CVE-2018-14356.html
   https://www.suse.com/security/cve/CVE-2018-14357.html
   https://www.suse.com/security/cve/CVE-2018-14358.html
   https://www.suse.com/security/cve/CVE-2018-14359.html
   https://www.suse.com/security/cve/CVE-2018-14362.html
   https://bugzilla.suse.com/1101567
   https://bugzilla.suse.com/1101570
   https://bugzilla.suse.com/1101571
   https://bugzilla.suse.com/1101573
   https://bugzilla.suse.com/1101576
   https://bugzilla.suse.com/1101577
   https://bugzilla.suse.com/1101578
   https://bugzilla.suse.com/1101581
   https://bugzilla.suse.com/1101582
   https://bugzilla.suse.com/1101588
   https://bugzilla.suse.com/1101589
   https://bugzilla.suse.com/936807

SUSE: 2018:2403-1 important: mutt

August 17, 2018
An update that solves 11 vulnerabilities and has one errata is now available

Summary

This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mutt-13736=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mutt-13736=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mutt-13736=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mutt-13736=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mutt-13736=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): mutt-1.5.17-42.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mutt-debuginfo-1.5.17-42.43.1 mutt-debugsource-1.5.17-42.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mutt-debuginfo-1.5.17-42.43.1 mutt-debugsource-1.5.17-42.43.1

References

#1101567 #1101570 #1101571 #1101573 #1101576

#1101577 #1101578 #1101581 #1101582 #1101588

#1101589 #936807

Cross- CVE-2018-14349 CVE-2018-14350 CVE-2018-14352

CVE-2018-14353 CVE-2018-14354 CVE-2018-14355

CVE-2018-14356 CVE-2018-14357 CVE-2018-14358

CVE-2018-14359 CVE-2018-14362

Affected Products:

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2018-14349.html

https://www.suse.com/security/cve/CVE-2018-14350.html

https://www.suse.com/security/cve/CVE-2018-14352.html

https://www.suse.com/security/cve/CVE-2018-14353.html

https://www.suse.com/security/cve/CVE-2018-14354.html

https://www.suse.com/security/cve/CVE-2018-14355.html

https://www.suse.com/security/cve/CVE-2018-14356.html

https://www.suse.com/security/cve/CVE-2018-14357.html

https://www.suse.com/security/cve/CVE-2018-14358.html

https://www.suse.com/security/cve/CVE-2018-14359.html

https://www.suse.com/security/cve/CVE-2018-14362.html

https://bugzilla.suse.com/1101567

https://bugzilla.suse.com/1101570

https://bugzilla.suse.com/1101571

https://bugzilla.suse.com/1101573

https://bugzilla.suse.com/1101576

https://bugzilla.suse.com/1101577

https://bugzilla.suse.com/1101578

https://bugzilla.suse.com/1101581

https://bugzilla.suse.com/1101582

https://bugzilla.suse.com/1101588

https://bugzilla.suse.com/1101589

https://bugzilla.suse.com/936807

Severity
Announcement ID: SUSE-SU-2018:2403-1
Rating: important

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo